How did this virus get into my computer?

There are many ways in which viruses/spyware/malware can get into your system. Some behaviors can make your computer much more vulnerable than others. These include sharing files on peer-to-peer networks such as LimeWire, Aries, or any torrent program.

The popularity of social networking has drawn the attention of the virus creators and recently has become a huge and very profitable target. Being careful when you are on Facebook can go a long way toward staying safe. Try not to click on anything unless you are 100% sure it is legitimate.

Other ways that viruses enter you computer is through vulnerabilities in software. One way you can help protect yourself is to make sure that your Microsoft patches are all up to date. Some other programs that are commonly exploited include Adobe Shockwave, Adobe Reader, Sun Java, and Adobe Flash. You may see updates for these blinking at you from the task bar near your clock. It’s a good idea to update these when you see them. There is also a good tool called Secunia Personal Software Inspector available that can check and make sure you have the latest versions of those programs. This free tool can be downloaded from their website http://secunia.com/vulnerability_scanning/personal/

Symantec put out some very interesting information about what they expect to see this year.

Security Trends to Watch in 2010

• Social Engineering as the Primary Attack Vector – More and more, attackers are going directly after the end user and attempting to trick them into downloading malware or divulging sensitive information under the auspice that they are doing something perfectly innocent. Social engineering’s popularity is at least in part spurred on by the fact that what operating system and Web browser rests on a user’s computer is largely irrelevant, as it is the actual user being targeted, not necessarily vulnerabilities on the machine. Social engineering is already one of the primary attack vectors being used today

• Rogue Security Software Vendors Escalate Their Efforts – Rogue security software scams take their efforts to the next level, even by hijacking users’ computers, rendering them useless and holding them for ransom.

• Social Networking Third-Party Applications Will be the Target of Fraud – With the popularity of social networking sites poised for another year of unprecedented growth, expect to see fraud being targeted toward social site users to grow. In the same vein, expect owners of these sites to create more proactive measures to address these threats. As this occurs, and as these sites more readily provide third-party developer access to their APIs, attackers will likely turn to vulnerabilities in third-party applications for users’ social networking account information, just as we have seen attackers take advantage of browser plug-ins more as Web browsers themselves become more secure.

• Windows 7 Will Come into the Cross-Hairs of Attackers – Microsoft has already released the first security patches for its new operating system. As long as humans are programming computer code, flaws will be introduced, no matter how thorough pre-release testing is. And the more complex the code is, the more likely that undiscovered vulnerabilities exist. Microsoft’s new operating system is no exception, and as Windows 7 hits the pavement and gains traction in 2010, attackers will undoubtedly find ways to exploit its users.

• Fast Flux Botnets Increase – Fast flux is a technique used by some botnets, such as the Storm botnet, to hide phishing and malicious websites behind an ever-changing network of compromised hosts acting as proxies. Using a combination of peer-to-peer networking, distributed command-and-control, Web-based load balancing and proxy redirection, it makes it difficult to trace the botnets’ original geo-location. As industry countermeasures continue to reduce the effectiveness of traditional botnets, expect to see more using this technique to carry out attacks.

• URL-Shortening Services Become the Phisher’s Best Friend – Because users often have no idea where a shortened URL is actually sending them, phishers are able to disguise links that the average security conscious user might think twice about clicking on. In an attempt to evade antispam filters through obfuscation, expect spammers to use shortened URLs to carry out their own evil deeds.

• Mac and Mobile Malware Will Increase – The number of attacks designed to exploit a certain operating system or platform is directly related to that platform’s market share, since malware authors are out to make money and always want the biggest bang for their buck. In 2009 we saw Macs and smartphones targeted more by malware authors; for example, the Sexy Space botnet was aimed at the Symbian mobile device operating system and the OSX.Iservice Trojan targeted Mac users. As Mac and smartphones continue to increase in popularity in 2010, more attackers will devote time to creating malware to exploit these devices.

• Spammers Breaking the Rules – As the economy continues to suffer and more people seek to take advantage of the loose restrictions of the CAN SPAM Act, we’ll see more organizations selling unauthorized email address lists and more less-than-legitimate marketers spamming those lists.

• As Spammers Adapt, Spam Volumes Will Continue to Fluctuate – Since 2007, spam has increased on average by 15 percent. While this significant growth in spam email may not be sustainable in the long term, it is clear that spammers are not yet willing to give up as long an economic motive is present. Spam volumes will continue to fluctuate in 2010 as spammers continue to adapt to the sophistication of security software and the intervention of responsible ISPs and government agencies across the globe.

• Specialized Malware – Highly specialized malware was uncovered in 2009 that was aimed at exploiting certain ATMs, indicating a degree of insider knowledge about their operation and how they could be exploited. Expect this trend to continue in 2010, including the possibility of malware targeting electronic voting systems, both those used in political elections and public telephone voting, such as that connected with reality television shows and competitions.

• Instant Messaging Spam – As cybercriminals exploit new ways to bypass CAPTCHA technologies, instant messaging (IM) attacks will grow in popularity. IM threats will largely be comprised of unsolicited spam messages containing malicious links, especially attacks aimed at compromising legitimate IM accounts. One in 12 hyperlinks appearing in IM messages will contain a domain that has been considered suspicious or malicious. (In mid-2009, that level was one in 78 hyperlinks.)